Proposed PATCH: cplus-dem.c bug fix

Tom Tromey tromey@cygnus.com
Tue Mar 30 12:15:00 GMT 1999


A symbol like this:

   _Utf390_1__1_9223372036854775807__9223372036854775

will cause the current cplus-dem.c to crash.  Symbols like this can be
generated by the Java front end.  Perhaps it is wrong to generate
symbols like this; however, that is irrelevant, since cplus-dem.c
should not crash in any case.

Here is my proposed patch.

1999-02-23  Tom Tromey  <tromey@cygnus.com>

	* cplus-dem.c (consume_count): If `count' wraps, return 0 and
	don't advance input pointer.
	(demangle_class_name): If consume_count didn't find a count, do
	nothing.

Tom

Index: cplus-dem.c
===================================================================
RCS file: /cvs/cvsfiles/devo/libiberty/cplus-dem.c,v
retrieving revision 1.102
diff -u -r1.102 cplus-dem.c
--- cplus-dem.c	1999/03/17 00:21:01	1.102
+++ cplus-dem.c	1999/03/30 19:45:57
@@ -429,12 +429,22 @@
 consume_count (type)
      const char **type;
 {
-  int count = 0;
+  unsigned int count = 0;
+  char *save = *type;
 
   while (isdigit ((unsigned char)**type))
     {
       count *= 10;
       count += **type - '0';
+      /* A sanity check.  Otherwise a symbol like
+	 `_Utf390_1__1_9223372036854775807__9223372036854775'
+	 can cause this function to return a negative value.
+	 In this case we just consume until the end of the string.  */
+      if (count > strlen (*type))
+	{
+	  *type = save;
+	  return 0;
+	}
       (*type)++;
     }
   return (count);
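Review bot: the new comment above the strlen test says "we just consume until the end of the string", but the code under it restores *type from save and returns 0, which is also what the ChangeLog entry describes ("return 0 and don't advance input pointer"). The comment should be reworded to match. Also, save is declared as char * while *type is const char *, so the initialisation drops the const qualifier; declaring it const char *save avoids that. The comparison runs before (*type)++, so strlen still counts the digit just read, which makes the bound slightly loose. That is fine for a sanity check, but callers still need their own length test on the returned count.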
@@ -1959,7 +1969,7 @@
   int success = 0;
 
   n = consume_count (mangled);
-  if ((int) strlen (*mangled) >= n)
+  if (n > 0 && (int) strlen (*mangled) >= n)
     {
       demangle_arm_hp_template (work, mangled, n, declp);
       success = 1;
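Review bot: the added n > 0 test in the if condition depends on consume_count using 0 as its failure value, both for "no digits found" and for a count rejected by the new sanity check, and nothing at this call site or in the visible part of consume_count documents that convention. A one-line comment here, or on consume_count itself, stating that 0 means no usable count would make the guard self-explanatory. The ChangeLog lists only demangle_class_name as updated, so any other caller of consume_count that treats the result as a length would need the same guard.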

